skills/oldwinter/skills/skillshare/Gen Agent Trust Hub

skillshare

Fail

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The scripts/run.sh script downloads and executes compiled binaries from an external GitHub repository (runkids/skillshare) at runtime.
  • [COMMAND_EXECUTION]: The extensions system documented in SKILL.md and references/extras.md allows the tool to execute arbitrary commands (such as Node.js or Python scripts) during the synchronization process to transform content.
  • [PROMPT_INJECTION]: The 'AI Caller Rules' in SKILL.md instruct the AI agent to bypass the tool's built-in security audit using the --force or --skip-audit flags if a security scan blocks an operation.
  • [DATA_EXFILTRATION]: The skill includes a push command (documented in references/sync.md) that uploads local source files and configurations to a remote Git repository, posing a risk of accidental sensitive data exposure if source directories are not properly managed.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/runkids/skillshare/main/skills/skillshare/scripts/run.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 23, 2026, 12:29 AM
Security Audit — agent-trust-hub — skillshare